Talk Liberation

Share this post

Talk Liberation
Talk Liberation
Has TikTok Failed Our Kids and Can Typing Loudly Get You Hacked? (Issue 21, 2023)
Copy link
Facebook
Email
Notes
More

Has TikTok Failed Our Kids and Can Typing Loudly Get You Hacked? (Issue 21, 2023)

Also: beware the UK's growing reliance on mass Facial Recognition and the Worldcoin "Data Collection Orb"

Talk Liberation
Aug 17, 2023
3

Share this post

Talk Liberation
Talk Liberation
Has TikTok Failed Our Kids and Can Typing Loudly Get You Hacked? (Issue 21, 2023)
Copy link
Facebook
Email
Notes
More
1
Share

We’re delivering you the hottest internet news that affects all of us. Scroll down to read our full reporting below and if you love what we’re doing, please consider contributing $5 per month so that we can continue providing you with this vital, unique reporting.

Talk Liberation is committed to providing equal access for individuals with disabilities. To view an accessible version of this article, click here.

In this edition:

  • TikTok Fails to Protect Children

  • Your Keyboard is now a Vulnerability

  • UK Spies Want More Personal Data

  • Dystopian Worldcoin “Data Collection Orb” Causing Investigations

  • OpenAI Scrapes You for Free

  • UK Government Supports Mass Facial Recognition

  • Colorado Students Hit by Massive Data Breach

  • Behavioral Based Ads Suffer Setback

TikTok Fails to Protect Children

Violations of Europe’s General Data Protection Regulation (GDPR) by TikTok will likely earn them a fine potentially in the millions of dollars. The investigation into the Chinese social media behemoth was started in 2021 by the Irish Data Protection Commission, one of the agencies comprising the network of national privacy regulators known as the European Data Protection Board (EDPB).

The primary motivation behind the Irish inquiry was determining:

Whether the Chinese-owned app ensured its default settings sufficiently protected children’s privacy and if the company was transparent enough in how it processed minors’ data.

Spoiler alert: They were not.

Used by over 125 million people within the EU, TikTok was notified on August 2nd that the EDPB had resolved to move forward with issuing a final penalty and possibly requiring corrective measures. Due to the location of TikTok’s European headquarters in Ireland, the Irish Data Protection Commission will have one month to determine the size and details of the fine.

Of note is also Tiktok’s €750,000 fine in 2021 for failing to protect Dutch children’s privacy and the ongoing investigation from Irish privacy regulators regarding TikTok’s unlawful shipping of European users' data to China.

Talk Liberation is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Your Keyboard is now a Vulnerability

Researchers Joshua Harrison, Ehsan Toreini, and Marhyam Mehrnezhad have revealed that simply by listening to an audio recording of someone typing it is possible to know what was typed with nearly 93% accuracy.

In their paper A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards (Full PDF here) they outline the method used to train AI models on acoustic typing data. Their findings reveal that each key on your keyboard apparently has a unique sound that is discernible even over a Zoom call. While the accuracy of the keyboard audio-to-text is much higher when the target uses common types of keyboards (most laptops have similar sound profiles, even across different brands), the efficacy is also increased the quieter the room is.

Fortunately there are a few ways to mitigate your vulnerability, such as: altering your typing style (touch typing or entering false keystrokes), using SHIFT to include capital letters when typing passwords, or simply using an uncommon keyboard.

UK Spies Want More Personal Data

Bulk Personal Datasets or “BPDs” are massive troves of data that often contain sensitive information on incredibly large groups of people. The UK intelligence agencies have recently begun lobbying to weaken the surveillance laws that they claim are imposing “burdensome” limits on them when training AI models that incorporate BPDs.

This move has alarmed privacy experts and civil liberties groups like Liberty who claim that weakening the surveillance laws, passed primarily in 2016 after Edward Snowden’s disclosures exposing intrusive surveillance programs, will unwind many important legal protections for citizens. A lawyer from Liberty also stated that:

“It should not be made easier to store the data of people who are not under suspicion by the state, especially such large datasets affecting so many people. Any temptation in this review to recommend legislative changes which widen bulk powers or lessen safeguards should be fiercely resisted.”

The intelligence agencies have counter-argued that BPDs comprised of data where people have “low to no expectation of privacy” should not fall under the current rule necessitating a judge to approve BPD examination and retention. Instead, a faster process of self-authorization by the intelligence agencies has been proposed.

Additionally, the agencies’ proposals express frustrations about time-consuming administrative processes when using certain datasets and reveal a desire to use AI for intelligence gathering.

Responding to this claim, privacy and surveillance expert Ian Brown wrote:

“Data scientists’ disappointment they don’t get to play with all their wonderful new toys isn’t a good justification for weakening fundamental rights protection”.

Dystopian “Data Collection Orb” from Worldcoin causing Investigations

French, German, British and now Kenyan data protection agencies have formally opened investigations into Worldcoin as the company continues to add sensitive personal and biometric data to their database of over 2.2 million people.

Officially launched in July 2023, Worldcoin is a project co-founded by OpenAI CEO Sam Altman and prior to launch included an extensive two year testing phase. This testing phase primarily consisted of paying many vulnerable people for their valuable personal data which led investigative reporters Eileen Guo and Adi Renaldi to dig into the company. Per their findings:

“Our investigation revealed wide gaps between Worldcoin’s public messaging, which focused on protecting privacy, and what users experienced. We found that the company’s representatives used deceptive marketing practices, collected more personal data than it acknowledged, and failed to obtain meaningful informed consent.” 

With the official launch of Worldcoin now behind us, Eileen Guo still has concerns about verifying Worldcoin CEO Alex Blania’s claim that Worldcoin deleted the biometric data collected from test users that was used to train their artificial intelligence models during the testing phase. 

OpenAI Scrapes You for Free

Artificial intelligence models rely on large amounts of data to function and improve themselves over time and OpenAI’s product is no different. To support continual improvement and retain their significant competitive advantage, OpenAI uses a website crawler known as GPTBot that can add data for training the models from any publicly available website.

In a freshly released technical document from OpenAI, website admins can now identity GPTBot and (according to OpenAI) modify the commonly used robot.txt file of their website to prevent the GPTBot crawler from accessing their site.

The legality of scraping massive amounts of data has already gotten OpenAI into hot water when it vacuumed up license-encumbered codebases and regurgitated them via Github’s “Copilot” source-suggestion service. Also worth noting are several book authors who are suing OpenAI for training models on their work without permission.

UK Government Supports Mass Facial Recognition

The Home Office (HO) is a ministerial department of the British Government that is responsible for immigration, security, and law and order. Recently it was revealed that this department had secretly been backing a rollout of facial recognition technology under the guise of curbing retail crime.

By essentially sanctioning private business to fill a role routinely performed by police, the Home Office is facing scrutiny for supporting the erosion of personal privacy rights while the actual effect of the facial recognition tech on retail crime is still questionable.

Data by the Association of Convenience Stores found that 47% of people caught stealing were doing so for the first time, and this statistic rises in correlation with price increases to essential food items and cost of living.

Colorado Students Suffer Massive Data Breach

The Colorado Department of Higher Ed experienced a massive data breach from an “unauthorized actor” that accessed its systems between June 11 and 19, 2023. Among the data that was copied and stolen were names and Social Security numbers or student identification numbers, as well as other education records affecting students.

The Department has issued a warning for anyone who attended high school in the state of Colorado between 2004 and 2020 that their personal data may now be on the dark web.

The average high school enrollment for Colorado over this period is roughly 260k high school students per year meaning this data breach will affect over 4 million students who attended school in the state of Colorado during the sixteen year period.

Behavioral Based Ads Suffer Setback

Meta (Facebook and Instagram) users in EU, EEA, and Switzerland will now be allowed to choose whether or not they want to see ads which have been personalized based on behavior tracking. Under EU law, even people who say “no” must still be allowed to access the services.

A primary driver behind this U-turn from Meta are the results of a January ruling from Irish data privacy regulators that saw Facebook’s parent company fined €390 million for violating the EU’s General Data Protection Regulations (GDPR) when processing user data used in targeted advertisements.

While this change is still not live for users in the EU, Meta plans to work with regulators in the coming months to ensure proper data privacy practices are being properly implemented and that their applications are in compliance with European data regulators.

That concludes Your Worldwide INTERNET REPORT for this week! 

Remember to SUBSCRIBE and spread the word about this unique news service.

This issue of Your Worldwide INTERNET REPORT was written by Matt Millen of WillenRimer; Edited by Suzie Dawson and Sean O’Brien; Graphics by K4t4rt; with production support by Beth Bracken.

Talk Liberation - Your Worldwide INTERNET REPORT was brought to you by Panquake.com. We Don’t Hope, We Build! 

© Talk Liberation Limited. The original content of this article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International license. Please attribute copies of this work to “Talk Liberation” or talkliberation.com. Some of the work(s) that this program incorporates may be separately licensed. For further information or additional permissions, contact licensing@talkliberation.com

Talk Liberation is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

3

Share this post

Talk Liberation
Talk Liberation
Has TikTok Failed Our Kids and Can Typing Loudly Get You Hacked? (Issue 21, 2023)
Copy link
Facebook
Email
Notes
More
1
Share

Discussion about this post

No posts

Ready for more?

© 2024 Talk Liberation Limited
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More